WM) CERTKILLERS 


Cisco 


642-736 


Implementing Advanced Cisco Unified Wireless Security 
(IAUWS) 


https://www.certkillers.net/Exam/642- 736 


Dynamic VLAN assignment can be done on a Cisco Wireless LAN Controller using which 
two attributes? (Choose two.) 


A. TACACS-+ attributes 

B. RADIUS IETF attributes 
C. Cisco Airespace VSA 

D. RADIUS Cisco Aironet 


Answer: B, C 


QUESTION: 72 
The basic EAP protocol consists of which packet types? 


A. EAP pass-thru, EAPOL 

B. EAP failure, EAP success 

C. EAP acknowledge, EAP success 

D. EAP request, EAP response, EAP success, EAP failure 


Answer: D 


QUESTION: 73 
The Cisco Unified wireless solution provides which three wired-side tracing techniques? 
(Choose three.) 


A. Switch port tracing 
B. Adaptive wIPS 

C. RLDP 

D. Auto Containment 
E. Rogue Detector 

F. H-REAP 


Answer: A, C, E 
QUESTION: 74 
Where do the guest WLANs have to be configured when using the foreign and anchor 


controller approach? 


A. Anchor controllers only 
B. Both foreign and anchor controllers 
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C. Every controller in the mobility group 
D. Foreign controllers only that manage AP with guest access 


Answer: B 


QUESTION: 75 
When deploying guest WLAN access using the anchor controller, the foreign controller 
initiates the EoIP tunnel to the anchor controller through which interface? 


A. Any interface 

B. Ap-manager interface 
C. Management interface 
D. Virtual interface 


Answer: C 


QUESTION: 76 
What is necessary for web authentication in a Cisco Wireless LAN Controller? 


A. Layer 2 security feature 

B. Layer 3 security feature 

C. WPA 

D. WPA2 enabled 

E. 802.1x authentication enabled 


Answer: B 


QUESTION: 77 

Refer to the exhibit. 

This topology diagram is for wireless NAC out-of-band operations. When configuring the 
interface on the controller to support the NAC-enabled WLAN, which VLAN is the 
quarantine VLAN and which VLAN is the access VLAN? 
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A. VLAN 176 is the quarantine VLAN and VLAN 175 is the access VLAN. 
B. VLAN 176 is the quarantine VLAN and VLAN 11 is the access VLAN. 
C. VLAN 175 is the quarantine VLAN and VLAN 176 is the access VLAN. 
D. VLAN 175 is the quarantine VLAN and VLAN 11 is the access VLAN. 
E. VLAN 75 is the quarantine VLAN and VLAN 175 is the access VLAN. 
F. VLAN 75 is the quarantine VLAN and VLAN 176 is the access VLAN. 


Answer: A 


QUESTION: 78 
If DHCP services are implemented on the anchor controller, what is locally populated in 
the primary DHCP server field? 


A. DHCP relay IP address 
B. Next-hop router IP address 


C. Firewall DMZ interface IP address 
D. Management IP address of the controller 


Answer: D 


QUESTION: 79 
How does Cisco implement infrastructure MFP? 
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A. Encrypting the management frames sent between APs and Cisco Compatible Extensions 
v5 clients 

B. Using a digital signature mechanism to insert a MIC into 802.11 management frames 

C. Using a secured EoIP management tunnel between the APs and controllers 

D. Using AES to encrypt all management frames between the clients, aps, and controllers 
E. Using 802.1X to authentication the APs 


Answer: B 


QUESTION: 80 
What is the Cisco NAC Guest Server account management used for? 


A. To deploy external guest management for billing purposes 

B. To allow guests to roam across controllers 

C. To allow lobby ambassadors to manage more than 2,000 guest users 
D. To have more than one lobby administrator 

E. To allow web authentication via external portal 


Answer: A 


QUESTION: 81 
Which two options are valid for configuring a controller IDS signature rule? (Choose two.) 


A. Quiet time 

B. Mac frequency 

C. Source address 

D. Destination address 
E. Frequency band 


Answer: A, B 


QUESTION: 82 
Which two descriptions of mpings and epings are true? (Choose two.) 


A. mpings run over UDP port 16666. 

B. mpings run over UDP port 16667 and epings run over port 16666. 

C. epings run over EoIP. 

D. mpings test mobility data packet reachability and epings test mobility control packet 
reachability. 
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E. mpings run over the management interface and epings run over the virtual interface. 
F. mpings and epings are useful tools for troubleshooting the lightweight APs. 


Answer: A, C 


QUESTION: 83 
Which three 802.1x Authentication Modes can be configured with Cisco Secure Services 
Client supplicant? (Choose three.) 


A. EAP-FAST 
B. EAP-TLS 
C. EAP-TTLS 
D. LEAP-GTC 
E. PEAP-TLS 


Answer: A, B, C 


QUESTION: 84 
Which two steps are required for creating a wired guest user? (Choose two.) 


A. Create WLAN on the anchor controller only. 

B. Select the management interface as the egress interface. 

C. Create the management interface in the egress interface. 

D. Select the interface you created as the guest LAN interface in the ingress interface 
menu. 


Answer: B, D 


QUESTION: 85 

When using Cisco Secure Services Client to configure a wireless LAN connection that uses 
EAP- FAST, which three options are available as the inner authentication method? (Choose 
three.) 


A. GTC 

B. PAC 

C. MSChapV2 
D. TLS 

E. PAP 

F. Pre-shared key 


Answer: A, C, D 
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